[news.admin] Security of chroot

cl@datlog.co.uk (Charles Lambert) (12/02/88)

In article <172@jetson.UPMA.MD.US> john@jetson.UPMA.MD.US (John Owens) writes:
>In other words, chroot allows you to fool privileged programs that
>rely on files with particular pathnames (/etc/passwd, /etc/group,
>/etc/hosts.equiv, /usr/lib/sendmail.cf, /usr/lib/aliases, etc.).

Good grief!  Do you mean to say that these fundamental programs cannot
(or simply do not) check where the "real" root is?  Is it not possible to
do so,  as it is possible to check the real userid?

Charlie

henry@utzoo.uucp (Henry Spencer) (12/06/88)

In article <945@dlhpedg.co.uk> cl@datlog.co.uk (Charles Lambert) writes:
>Good grief!  Do you mean to say that these fundamental programs cannot
>(or simply do not) check where the "real" root is?  Is it not possible to
>do so,  as it is possible to check the real userid?

It is difficult to do portably.  And at some point you've got to trust
something.  With chroot limited to the superuser, pathnames are trustworthy
unless you've got incompetent systems programmers.  Chroot was never meant
to be something that naive users would do every day.
-- 
SunOSish, adj:  requiring      |     Henry Spencer at U of Toronto Zoology
32-bit bug numbers.            | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
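
An added example, not part of either post: one way a privileged program could ask the question raised above, whether its "/" is the "real" root, by comparing device and inode numbers with the root of PID 1. It relies on Linux procfs (/proc/1/root), so it also illustrates the portability problem; the function names and the "trust only on a positive match" policy are assumptions of this example.

```c
/* Added example (not from the thread): is this process's "/" the same
 * directory as init's root?  Linux-specific; relies on procfs. */
#include <stdio.h>
#include <sys/stat.h>

enum root_check { ROOT_UNKNOWN = -1, ROOT_SAME = 0, ROOT_DIFFERENT = 1 };

/* Two paths name the same directory only if device AND inode both match. */
enum root_check same_directory(const char *a, const char *b)
{
    struct stat sa, sb;

    /* stat() fails with EACCES when an unprivileged caller dereferences
     * /proc/1/root, and with ENOENT when /proc is not mounted (typical
     * inside a bare chroot tree).  Neither case proves anything. */
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0)
        return ROOT_UNKNOWN;
    if (sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino)
        return ROOT_SAME;
    return ROOT_DIFFERENT;
}

/* /proc/1/root is a link to the root directory of PID 1.  Inside a PID
 * namespace, PID 1 is that namespace's init, so ROOT_SAME means only
 * "same root as my init", not "root of the physical machine". */
enum root_check check_real_root(void)
{
    return same_directory("/", "/proc/1/root");
}

/* Conservative policy (an assumption of this example): trust fixed
 * pathnames such as /etc/passwd only on a positive match. */
int pathnames_trustworthy(void)
{
    return check_real_root() == ROOT_SAME;
}

int main(void)
{
    static const char *const label[] = { "unknown", "same", "different" };
    enum root_check r = check_real_root();

    printf("root check: %s\n", label[r + 1]);
    printf("trust fixed pathnames: %s\n", pathnames_trustworthy() ? "yes" : "no");
    return r == ROOT_SAME ? 0 : 1;
}
```

An unprivileged run normally reports "unknown", because dereferencing /proc/1/root requires privilege over PID 1.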